How to find entity list of objects? (Vehicles, players, peds, etc.)

[xHype]

Hey guys, I would be really appreciated if somebody really help me with that.
I know how to find list of players in Assault Cube, we bassicaly looking for a pointer that points to the first player, then we add +0x4 to the pointer and we have pointer to next player, etc, etc.
But in GTA: SA? I wasted so much time on trying to find it, I want loop trought all players in server or trought all peds/vehicles in singleplayer.

As far as I know, there is pointer to first object, then we add size of object to existing object, but I don't know how to find the pointer...

I saw on forums people mention smart persons who are advanced in this kind of things so, @Opcode.eXe

 

[Parazitas]

Peds:
http://ugbase.eu/index.php?threads/snippet-for-all-peds.3480/#post-121704
Cars:
http://ugbase.eu/index.php?threads/snippet-forallcars.2769/page-2#post-121703
Object:
http://ugbase.eu/index.php?threads/snippet-for-all-objects.20641/

 

[xHype]

Peds:
http://ugbase.eu/index.php?threads/snippet-for-all-peds.3480/#post-121704
Cars:
http://ugbase.eu/index.php?threads/snippet-forallcars.2769/page-2#post-121703

I posted it in C++ section for a reason.
You can't use cleo to go trought players list on samp server. My question is how to find entity list for players (samp.dll), peds/vehicles (gta_sa.exe).
Edit: My bad, you probably can use cleo to do that, but it's not what I'm looking for.

 

[Parazitas]

@monday
@0x32789
Etc...

 

[Parazitas]

I posted it in C++ section for a reason.
You can't use cleo to go trought players list on samp server. My question is how to find entity list for players (samp.dll), peds/vehicles (gta_sa.exe).
Edit: My bad, you probably can use cleo to do that, but it's not what I'm looking for.

What you trying create?
What the point of this?

 

[xHype]

What you trying create?
What the point of this?

Okay, first of all, reverse engineering learning purposes, second is that samp version changes and has new addresses every update, and if I'll learn how to find entity list for vehicles, peds for singleplayer then I can find whatever I want in gta sa whatever exists.

Like, u showed the pointers for addresses I'm looking for, but we go back to the thing I said, samp version changes and about singleplayer, I just have to learn how to find it by myself. Pointer scanning in cheat engine doesn't work since if I find dynamic address of ped health, I decrement offfest of health (0x540) of adderss, I have base of the ped, right? But we don't know where the base is placed, maybe in middle of entity list, but it's not first object, if it was, I would use pointer scan to find it but nope, it doesn't work like that.

Edit: C++ is known language, it's better for me to find the addresses and use c++ not learning cleo from scratch, also using C++ i have more possibilities, I'm more familiar with.
( I bet you can't write ESP using only cleo )

 

[xHype]

Btw. By saying "object" I didn't mean object in gta sa or samp, I mean object... from the side of programming.

 

[xHype]

Whole thread in one text: How did u find pointer pointing to entity base of vehicles, players or objects.

 

[monday]

Gta addresses are listed here:
https://gtamods.com/wiki/Memory_Addresses_(SA)

There are separate arrays indicating what peds/vehicles/objects are active. E.g.

+4 = Pointer to a byte map indicating which peds are in use

That's why there's this part in the "For all peds" cleo snippet:

    0A8D: 31@ = read_memory 29@ size 1 virtual_protect 0 // 29@ is a pointer to byte map
    000A: 29@ += 0x1
    if and
        0029: 31@ >= 0x00 
        001B: 0x80 > 31@                        
    then

That is equivalent to:

    gtaActorBase = *(DWORD*)0xB74490;
    byteMap = *(DWORD*)(gtaActorBase+4);
    DWORD numberOfActiveActors = *(DWORD*)(gtaActorBase+12);
    for(DWORD i = 0; i < 35584; i = i + 0x100) // 0x100 would have to be changed to 1988 to point to the actor structure, because 0x100 is there to match cleo handler value or something, I don't really know
    {
        BYTE inUse = *(BYTE*)byteMap;
        byteMap += 0x1;
        if(inUse > 0x00 && 0x80 > inUse)

Here's an example of reading gta actor values from external process:

// GTA_mod.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

#include <iostream>
#include <math.h>
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

using namespace std;



struct actor_info
{
#pragma pack( 1 )
    BYTE deleted[34];
    unsigned short modelID;
    BYTE deleted11[30];
    uint8_t                flags;                /* 66 immunities */
    uint8_t                __unknown_67[1];    /* 67 */
    BYTE deleted2[12];    /* 68 */

    float                spin[3];            /* 80 */
    float                speed_rammed[3];    /* 92 */
    float                spin_rammed[3];        /* 104 */
    uint8_t                __unknown_116[60];    /* 116 */
    void                *__unknown_176;        /* 176 - pointer to a "entry node info" pool item */
    void                *__unknown_180;        /* 180 - pointer to a "ptr node Double" pool item */

                                            //collision data
    DWORD                collision_flags;    /* 184 - 2nd byte = currently colliding 1/0, or actively
                                            running against (0x2), 3rd byte = type colliding with
                                            (1 = road, 4=pavement, 35 = object, 3f=car).. unsure about 3rd byte

                                            nuck notes: 186 is used to tell if a surface is "steep" too,
                                            actually any slight angle at all
                                            */
    void                *last_touched_object;    /* 188 - You can touch roads - those are considered buildings */
    void                *last_collided_object;    /* 192 - pointer to object last collided with (on foot, not jetpack) */
    uint8_t                __unknown_196[16];        /* 196 */
    float                speed;            /* 212 */
    float                collision_time_216; /* 216 - collision timer? */
    void                *collision_current_obj;        /* 220 - pointer to current thing colliding with */
    uint8_t                collision_something[12];    /* 224 - related to collision */
    float                collision_last_coord[3];    /* 236 - coordination of last collision */

                                                    //end of collision data
    uint8_t                __unknown_248[100];            /* 248 */
                                                    // 252 - animation related
    uint8_t                animation_state;            /* 348 */
    uint8_t                __unknown_349[7];            /* 349 */
    float                step_pos[3];        /* 356 - coordinates, last foot step */
    float                step_pos_before[3]; /* 368 - coordinates, foot step before last one */
    uint8_t                __unknown_380[752]; /* 380 */

    BYTE deleted3[16];            /* 1132 */
                                //1148 - animations base
    struct animation_base *animBase;
    BYTE deleted10[4];

    uint8_t                __unknown_1156[8]; /* 1156 */

                                           // relative body-part-positions
    void                *pNeck;                /* 1164 - void* pNeck
                                            (pChest?)
                                            - 4 unknown
                                            - float height
                                            - float front/back
                                            - float left/right
                                            - void* pObject
                                            (same struct for the following body-part-pointers [except pLeft/RightArm])
                                            */
    void                *pHead;                /* 1168 */
    void                *pLeftArm;            /* 1172 */
    void                *pRightArm;            /* 1176 */
    void                *pLeftLowArm;        /* 1180 */
    void                *pRightLowArm;        /* 1184 */
    void                *pLeftLeg;            /* 1188 */
    void                *pRightLeg;            /* 1192 */
    void                *pLeftLowLeg;        /* 1196 */
    void                *pRightLowLeg;        /* 1200 */
    void                *pRightMidLeg;        /* 1204 */
    void                *pLeftMidLeg;        /* 1208 */
    void                *pLeftMidArm;        /* 1212 */
    void                *pRightMidArm;        /* 1216 */
    void                *pLeftShoulder;        /* 1220 */
    void                *pRightShoulder;    /* 1224 */
    void                *pChest;            /* 1228 */
    void                *pMouth;            /* 1232 */
                                            // end of body-part-positions

    uint8_t                runningStyle;        /* 1236 - 0x36 = cj, 0x8A = rollerskate,
                                            0x7F = woozie, 0x75 = crash.. etc. */
    uint8_t                __unknown_1237[7];    /* 1237 */
    float                runspeed;            /* 1244 */
    uint8_t                __unknown_1248[36]; /* 1248 */
    uint16_t            muzzle_flash;        /* 1284 */
    uint8_t                __unknown_1286[6];    /* 1286 */

    BYTE deleted4[32];    /* 1292 - Inverse Kinematics */
    uint8_t                __unknown_1324[4];    /* 1324 */

    uint32_t            actorState;    /* 1328 - ACTOR_STATE_* */
    uint32_t            runState; /* 1332 - ACTOR_MSTATE_* */
    uint8_t                __unknown_1336[8];    /* 1336 */
    float                hitpoints;            /* 1344 */
    float                hitpoints_max;        /* 1348 - hmm, does not seem to be right.. it's set to "100.1318519" or something like that */
    float                armor;    /* 1352 */
    uint8_t                __unknown_1356[12];        /* 1356 */

                                                // 1360 and 1364 are using in resetting on-foot position when re-standing up

    float                fCurrentRotation;        /* 1368 */
    float                fTargetRotation;        /* 1372 */
    float                fRotationSpeed;            /* 1376 */
    float                fRotationCalculation;    /* 1380 - is 0.1 when target rotation reached */

    union
    {
        BYTE deleted5[4];    /* 1384 - touching a CEntitySAInterface */
        struct vehicle_info *vehicle_contact;    /* 1384 - standing on top of vehicle */
    };

    float    vehicle_contact_dist[3];            /* 1388 - distance to the middle of the car standing on */
    float    fPlaneAnglesContactEntity[3];        /* 1400 - Angles of the plane of the contact entity the actor is
                                                standing on (?) */
    void    *item_contact;                        /* 1412 - standing on top of vehicle/object/building/...*/
    float    fUnknown_1416;                        /* 1416 - only changing when slightly under map */

    union
    {
        //CEntitySAInterface    *CurrentObjective;    /* 1420 - usually current vehicle's entity */
        DWORD vehicleDw;
        struct vehicle_info *vehicle;
    };

    uint8_t                __unknown_1424[8];    /* 1424 */
    uint8_t                actor_lock;            /* 1432 */
    uint8_t                __unknown_1433[7];    /* 1433 */
    BYTE deleted6[364];            /* 1440 */
    uint8_t                __unknown_1804[12]; /* 1804 */
    uint8_t                weapon_slot;        /* 1816 */
    uint8_t                __unknown_1817[3];    /* 1817 */
    void                *ptr_autoAimTarget;    /* 1820 - weapon target */
    float                fImpactPos_close[3];/* 1824 - last impact point of close range weapon [fist/knife/csaw/etc.] */
    uint8_t                __unknown_1836[20]; /* 1836 */
    uint32_t            weapon_model;        /* 1856 */
    uint8_t                __unknown_1860[28]; /* 1860 */
    uint32_t            weapon_hit_type;    /* 1888 - last hit by this weapon */
    struct actor_info    *weapon_hit_by;        /* 1892 - last hit by this object (usually an actor) */
    uint8_t                __unknown_1889[92]; /* 1896 */
};    /* 1988 */


int main()
{
    cout << "Looking for GTA:SA:MP window." << endl;
    // MA VARIABLES
    DWORD pId;
    DWORD dwOldProtect = 0;
    HANDLE pHandle;
    HWND hWnd = 0;

    float zero = 0.0;
    while (hWnd == 0) {
        hWnd = FindWindow(0, "GTA:SA:MP");
        Sleep(100);
    }
    cout << "Just found the window." << endl;

    GetWindowThreadProcessId(hWnd, &pId);
    pHandle = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_VM_OPERATION, TRUE, pId);

    
    DWORD pedPoolUsageInfo;
    DWORD pedPoolBegining;
    DWORD byteMapAddr;
    BYTE activityStatus; //bytemap check
    actor_info actor; // a.k.a "CPed" or ClassPedestrian?
    float hp;
    float armor;
    while (true)
    {
        ReadProcessMemory(pHandle, (LPCVOID)0xB74490, &pedPoolUsageInfo, 4, 0);
        ReadProcessMemory(pHandle, (LPCVOID)(pedPoolUsageInfo), &pedPoolBegining, 4, 0);
        ReadProcessMemory(pHandle, (LPCVOID)(pedPoolUsageInfo +4), &byteMapAddr, 4, 0);
        
        for (BYTE i = 0; i < 140; i++)
        {
            ReadProcessMemory(pHandle, (LPCVOID)(byteMapAddr + i), &activityStatus, 1, 0);
            if (activityStatus > 0 && activityStatus < 128)
            {
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988), &actor, 1988, 0);
                cout << "ID(memory): " << (int)i << ", Speed: " << actor.speed << ", HP: " << actor.hitpoints << ", Armor: " << actor.armor << endl;

                //or instead of reading the whole 1988 bytes at once (which is slow) ignore the actor_struct and "manually" read all the data like:
                /*
                
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988 + 1344), &hp, 4, 0); //1344 is offset for hp
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988 + 1352), &armor, 4, 0); //1352 is offset for armor
                cout << "ID(memory): " << (int)i << ", HP: " << hp << ", Armor: " << armor << endl;
                
                */

                Sleep(500); // just to check whether the example works without spamming too much
            }
        }       
    }
    CloseHandle(pHandle);
    return 0;
}

If you'd like to loop through samp entities instead of gta ones you could check this out:
https://github.com/BlastHackNet/mod_s0beit_sa-1/blob/master/src/samp.h

In case of samp, the array (indicating whether player is listed) contains integers (not bytes which was the case with gta entities)
stSamp -> stSAMPPools -> stPlayerPool -> iIsListed[SAMP_MAX_PLAYERS];

SAMP_INFO_OFFSET (0x21A0F8 in 0.3.7 R1 version) is an offset from samp.dll pointing to stSamp

In the stPlayerPool structure you can see "pRemotePlayer[SAMP_MAX_PLAYERS]" which is where useful data about players is stored.
There's also "ulMaxPlayerID" which could help to make the loop more efficient by breaking when max id was reached already (I guess).

It doesn't really answer how to find these but you could check this video:

 

[xHype]

Gta addresses are listed here:
https://gtamods.com/wiki/Memory_Addresses_(SA)

There are separate arrays indicating what peds/vehicles/objects are active. E.g.


That's why there's this part in the "For all peds" cleo snippet:

    0A8D: 31@ = read_memory 29@ size 1 virtual_protect 0 // 29@ is a pointer to byte map
    000A: 29@ += 0x1
    if and
        0029: 31@ >= 0x00
        001B: 0x80 > 31@                      
    then

That is equivalent to:

    gtaActorBase = *(DWORD*)0xB74490;
    byteMap = *(DWORD*)(gtaActorBase+4);
    DWORD numberOfActiveActors = *(DWORD*)(gtaActorBase+12);
    for(DWORD i = 0; i < 35584; i = i + 0x100) // 0x100 would have to be changed to 1988 to point to the actor structure, because 0x100 is there to match cleo handler value or something, I don't really know
    {
        BYTE inUse = *(BYTE*)byteMap;
        byteMap += 0x1;
        if(inUse > 0x00 && 0x80 > inUse)

Here's an example of reading gta actor values from external process:

// GTA_mod.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"

#include <iostream>
#include <math.h>
#include <stdio.h>
#include <windows.h>
#include <tlhelp32.h>

using namespace std;



struct actor_info
{
#pragma pack( 1 )
    BYTE deleted[34];
    unsigned short modelID;
    BYTE deleted11[30];
    uint8_t                flags;                /* 66 immunities */
    uint8_t                __unknown_67[1];    /* 67 */
    BYTE deleted2[12];    /* 68 */

    float                spin[3];            /* 80 */
    float                speed_rammed[3];    /* 92 */
    float                spin_rammed[3];        /* 104 */
    uint8_t                __unknown_116[60];    /* 116 */
    void                *__unknown_176;        /* 176 - pointer to a "entry node info" pool item */
    void                *__unknown_180;        /* 180 - pointer to a "ptr node Double" pool item */

                                            //collision data
    DWORD                collision_flags;    /* 184 - 2nd byte = currently colliding 1/0, or actively
                                            running against (0x2), 3rd byte = type colliding with
                                            (1 = road, 4=pavement, 35 = object, 3f=car).. unsure about 3rd byte

                                            nuck notes: 186 is used to tell if a surface is "steep" too,
                                            actually any slight angle at all
                                            */
    void                *last_touched_object;    /* 188 - You can touch roads - those are considered buildings */
    void                *last_collided_object;    /* 192 - pointer to object last collided with (on foot, not jetpack) */
    uint8_t                __unknown_196[16];        /* 196 */
    float                speed;            /* 212 */
    float                collision_time_216; /* 216 - collision timer? */
    void                *collision_current_obj;        /* 220 - pointer to current thing colliding with */
    uint8_t                collision_something[12];    /* 224 - related to collision */
    float                collision_last_coord[3];    /* 236 - coordination of last collision */

                                                    //end of collision data
    uint8_t                __unknown_248[100];            /* 248 */
                                                    // 252 - animation related
    uint8_t                animation_state;            /* 348 */
    uint8_t                __unknown_349[7];            /* 349 */
    float                step_pos[3];        /* 356 - coordinates, last foot step */
    float                step_pos_before[3]; /* 368 - coordinates, foot step before last one */
    uint8_t                __unknown_380[752]; /* 380 */

    BYTE deleted3[16];            /* 1132 */
                                //1148 - animations base
    struct animation_base *animBase;
    BYTE deleted10[4];

    uint8_t                __unknown_1156[8]; /* 1156 */

                                           // relative body-part-positions
    void                *pNeck;                /* 1164 - void* pNeck
                                            (pChest?)
                                            - 4 unknown
                                            - float height
                                            - float front/back
                                            - float left/right
                                            - void* pObject
                                            (same struct for the following body-part-pointers [except pLeft/RightArm])
                                            */
    void                *pHead;                /* 1168 */
    void                *pLeftArm;            /* 1172 */
    void                *pRightArm;            /* 1176 */
    void                *pLeftLowArm;        /* 1180 */
    void                *pRightLowArm;        /* 1184 */
    void                *pLeftLeg;            /* 1188 */
    void                *pRightLeg;            /* 1192 */
    void                *pLeftLowLeg;        /* 1196 */
    void                *pRightLowLeg;        /* 1200 */
    void                *pRightMidLeg;        /* 1204 */
    void                *pLeftMidLeg;        /* 1208 */
    void                *pLeftMidArm;        /* 1212 */
    void                *pRightMidArm;        /* 1216 */
    void                *pLeftShoulder;        /* 1220 */
    void                *pRightShoulder;    /* 1224 */
    void                *pChest;            /* 1228 */
    void                *pMouth;            /* 1232 */
                                            // end of body-part-positions

    uint8_t                runningStyle;        /* 1236 - 0x36 = cj, 0x8A = rollerskate,
                                            0x7F = woozie, 0x75 = crash.. etc. */
    uint8_t                __unknown_1237[7];    /* 1237 */
    float                runspeed;            /* 1244 */
    uint8_t                __unknown_1248[36]; /* 1248 */
    uint16_t            muzzle_flash;        /* 1284 */
    uint8_t                __unknown_1286[6];    /* 1286 */

    BYTE deleted4[32];    /* 1292 - Inverse Kinematics */
    uint8_t                __unknown_1324[4];    /* 1324 */

    uint32_t            actorState;    /* 1328 - ACTOR_STATE_* */
    uint32_t            runState; /* 1332 - ACTOR_MSTATE_* */
    uint8_t                __unknown_1336[8];    /* 1336 */
    float                hitpoints;            /* 1344 */
    float                hitpoints_max;        /* 1348 - hmm, does not seem to be right.. it's set to "100.1318519" or something like that */
    float                armor;    /* 1352 */
    uint8_t                __unknown_1356[12];        /* 1356 */

                                                // 1360 and 1364 are using in resetting on-foot position when re-standing up

    float                fCurrentRotation;        /* 1368 */
    float                fTargetRotation;        /* 1372 */
    float                fRotationSpeed;            /* 1376 */
    float                fRotationCalculation;    /* 1380 - is 0.1 when target rotation reached */

    union
    {
        BYTE deleted5[4];    /* 1384 - touching a CEntitySAInterface */
        struct vehicle_info *vehicle_contact;    /* 1384 - standing on top of vehicle */
    };

    float    vehicle_contact_dist[3];            /* 1388 - distance to the middle of the car standing on */
    float    fPlaneAnglesContactEntity[3];        /* 1400 - Angles of the plane of the contact entity the actor is
                                                standing on (?) */
    void    *item_contact;                        /* 1412 - standing on top of vehicle/object/building/...*/
    float    fUnknown_1416;                        /* 1416 - only changing when slightly under map */

    union
    {
        //CEntitySAInterface    *CurrentObjective;    /* 1420 - usually current vehicle's entity */
        DWORD vehicleDw;
        struct vehicle_info *vehicle;
    };

    uint8_t                __unknown_1424[8];    /* 1424 */
    uint8_t                actor_lock;            /* 1432 */
    uint8_t                __unknown_1433[7];    /* 1433 */
    BYTE deleted6[364];            /* 1440 */
    uint8_t                __unknown_1804[12]; /* 1804 */
    uint8_t                weapon_slot;        /* 1816 */
    uint8_t                __unknown_1817[3];    /* 1817 */
    void                *ptr_autoAimTarget;    /* 1820 - weapon target */
    float                fImpactPos_close[3];/* 1824 - last impact point of close range weapon [fist/knife/csaw/etc.] */
    uint8_t                __unknown_1836[20]; /* 1836 */
    uint32_t            weapon_model;        /* 1856 */
    uint8_t                __unknown_1860[28]; /* 1860 */
    uint32_t            weapon_hit_type;    /* 1888 - last hit by this weapon */
    struct actor_info    *weapon_hit_by;        /* 1892 - last hit by this object (usually an actor) */
    uint8_t                __unknown_1889[92]; /* 1896 */
};    /* 1988 */


int main()
{
    cout << "Looking for GTA:SA:MP window." << endl;
    // MA VARIABLES
    DWORD pId;
    DWORD dwOldProtect = 0;
    HANDLE pHandle;
    HWND hWnd = 0;

    float zero = 0.0;
    while (hWnd == 0) {
        hWnd = FindWindow(0, "GTA:SA:MP");
        Sleep(100);
    }
    cout << "Just found the window." << endl;

    GetWindowThreadProcessId(hWnd, &pId);
    pHandle = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_VM_OPERATION, TRUE, pId);

  
    DWORD pedPoolUsageInfo;
    DWORD pedPoolBegining;
    DWORD byteMapAddr;
    BYTE activityStatus; //bytemap check
    actor_info actor; // a.k.a "CPed" or ClassPedestrian?
    float hp;
    float armor;
    while (true)
    {
        ReadProcessMemory(pHandle, (LPCVOID)0xB74490, &pedPoolUsageInfo, 4, 0);
        ReadProcessMemory(pHandle, (LPCVOID)(pedPoolUsageInfo), &pedPoolBegining, 4, 0);
        ReadProcessMemory(pHandle, (LPCVOID)(pedPoolUsageInfo +4), &byteMapAddr, 4, 0);
      
        for (BYTE i = 0; i < 140; i++)
        {
            ReadProcessMemory(pHandle, (LPCVOID)(byteMapAddr + i), &activityStatus, 1, 0);
            if (activityStatus > 0 && activityStatus < 128)
            {
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988), &actor, 1988, 0);
                cout << "ID(memory): " << (int)i << ", Speed: " << actor.speed << ", HP: " << actor.hitpoints << ", Armor: " << actor.armor << endl;

                //or instead of reading the whole 1988 bytes at once (which is slow) ignore the actor_struct and "manually" read all the data like:
                /*
              
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988 + 1344), &hp, 4, 0); //1344 is offset for hp
                ReadProcessMemory(pHandle, (LPCVOID)(pedPoolBegining + i * 1988 + 1352), &armor, 4, 0); //1352 is offset for armor
                cout << "ID(memory): " << (int)i << ", HP: " << hp << ", Armor: " << armor << endl;
              
                */

                Sleep(500); // just to check whether the example works without spamming too much
            }
        }     
    }
    CloseHandle(pHandle);
    return 0;
}

If you'd like to loop through samp entities instead of gta ones you could check this out:
https://github.com/BlastHackNet/mod_s0beit_sa-1/blob/master/src/samp.h

In case of samp, the array (indicating whether player is listed) contains integers (not bytes which was the case with gta entities)
stSamp -> stSAMPPools -> stPlayerPool -> iIsListed[SAMP_MAX_PLAYERS];

SAMP_INFO_OFFSET (0x21A0F8 in 0.3.7 R1 version) is an offset from samp.dll pointing to stSamp

In the stPlayerPool structure you can see "pRemotePlayer[SAMP_MAX_PLAYERS]" which is where useful data about players is stored.
There's also "ulMaxPlayerID" which could help to make the loop more efficient by breaking when max id was reached already (I guess).

It doesn't really answer how to find these but you could check this video:

Thank you for such useful information, funny because I'm LiveOverflow subscriber so I saw video above.
Well, you gave me info containing pointers already found by someone, my question is now how do I find it by myself?
Don't get me bad, I just want learn how do I find pointer to pedPool. If I learn that, will know how to find other things like this in future samp versions.

Like, look: I found dynamic address of ped health (or player, whatever). I decrement offset 0x540 of it so I have its base.
What do I do now to find the pointer pointing to this address, if not to this address then to what?

 

[0x_]

You may have the base of the player object by that, this doesn't mean you have the base of the "list".
A breakpoint by read on the base pointer of the player should lead you to something; there are many ways to find the "list" containing the entites.

 

[xHype]

You may have the base of the player object by that, this doesn't mean you have the base of the "list".
A breakpoint by read on the base pointer of the player should lead you to something; there are many ways to find the "list" containing the entites.

Well, I managed when you hit a ped it stores its base in EBP+8, I traced it to the start of function when there are push instruction.
One of them was something like: mov esi, [EBP+8]. And it was at the start of the function, value stored in EBP+8 is dynamic too and I have no idea what to do now.
And yes, I know. After youtold me it is not a list I was expecting any example but, nvm about that.